According to reports from the HHS department, less than 10% of HIPAA breaches were due to hacking incidents. But recently there have been a number of high-profile cyber violations, at Blue Cross Blue Shield among others. So the next time these statistics are released, the percentage of cyber breaches will obviously be on the higher side.
We cannot deny that the threat to cyber security is on the rise in all sectors. The healthcare sector is no different. Here too, the cyber security threat is always one of the biggest concerns. In 2015 Verizon released a data breach investigation report. The financial loss as a result of such breaches was found to be around $400 million. According to this report, 60% of the violations were a result of mistakes that system administrators made. In 95% of cases the credentials were stolen from a customer's device, and the hacker then logged into the web applications with these credentials. 23% of people opened phishing messages. 11% of people clicked on suspicious attachments.
Most healthcare providers are covered entities and need to abide by the HIPAA certification rules and regulations. They must take good measures to prevent any risk to protected health information. It is important that the healthcare provider carries out a HIPAA risk assessment every year. In this assessment they must check the probability of any potential danger to the electronic records. They must take proper steps to prevent any kind of violation.
The healthcare provider also has the option of taking out cyber security insurance. This insurance will surely be helpful if a breach occurs, but the most important thing is to prevent any such breach from happening in the first place.
It is also important that the healthcare provider has a good HIPAA compliance training program and understands the importance of HIPAA certification. The provider must frame proper policies and procedures, which need to be documented. It is also important that the healthcare provider invests in training staff members on a regular basis and maintains logs of the training dates for the auditor.
You must give your best shot to prevent any kind of violation from happening. But if a violation unfortunately does happen, you need to be prepared. Make sure that you have a simple, comprehensive and up-to-date Breach Notification Policy. You must also make sure that you have enough coverage from your cyber security insurance policy. If you have still not purchased a policy, make sure that you buy one at the earliest.
Overall, it is important that you have proper procedures and take proper measures to prevent any loss of protected health information due to a lack of cyber security. Proper training of staff is one of the most important things, as according to reports most of the breaches are due to negligence of staff or mistakes by system administrators. It is equally important to opt for cyber security insurance.